Vulnerabilities Archives - Page 7 of 85

Cisco fixes serious flaws in emergency responder and other products

Issued by: CSO Online

Cisco patched authentication, privilege escalation, and denial-of-service vulnerabilities this week in several of its products, including one that’s used for identifying the location of 9-1-1 emergency callers. The flaw in Cisco Emergency Responder is caused by the presence of default static credentials for the root account that were used during development but were never removed….

Vulnerabilities

Apple fixed the 17th zero-day flaw exploited in attacks

Issued by: Security Affairs

Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed with improved checks. “A local attacker may be able to elevate their privileges. Apple is aware…

Vulnerabilities

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Issued by: The Hacker News

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat Analysis Group and Google Project Zero…

Vulnerabilities

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product

Issued by: SecurityWeek

An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers to immediately upgrade to WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2). Progress Software said two of the vulnerabilities — CVE-2023-40044 and CVE-2023-40045 — are rated critical because of the risk…

Vulnerabilities

Trend Micro Patches Zero-Day Endpoint Vulnerability

Issued by: Dark Reading

Trend Micro has released an advisory covering a critical zero-day flaw — tracked as CVE-2023-41179 — that affects Apex One, Apex One SaaS, and Worry-Free Business Security. The vulnerability can be exploited for arbitrary code execution, and it revolves around the “products’ ability to uninstall third-party security software.” The advisory, written in Japanese, details how…

Vulnerabilities

UK Minister Warns Meta Over End-to-End Encryption

Issued by: SecurityWeek

Britain’s interior minister on Wednesday warned tech giant Meta that rolling out end-to-end encryption on its platforms must “not to come at a cost to our children’s safety”. Suella Braverman and security minister Tom Tugendhat have called on the company, which owns Facebook, Instagram and WhatsApp, to “work with us” and ensure police can access…

Vulnerabilities

Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

Issued by: SecurityWeek

Portable computers running Google’s ChromeOS, Chromebooks have been in users’ hands since 2012, and have become one of the most used types of devices within the education sector. To prolong their lives and ensure they remain secure to use, Google said it plans to extend the automatic security updates period for some of these devices,…

Vulnerabilities

How Attackers Get In: Unpatched Vulnerabilities and Compromised Credentials

Issued by: CSO Online

How are bad actors getting access to organizations? In many cases, they simply log in. Sophos research finds that one of the most common root cause of attacks is compromised credentials. In fact, 30% of respondents to its 2023 Active Adversary Report for Business Leaders said criminals have used these credentials to log on and…

Vulnerabilities

How the U.S. Government Views the Bright, Dark Sides of AI

Issued by: DataBreach Today

The U.S. government is testing how artificial intelligence might enhance operations while preparing for the technology’s downside, such as more dangerous hacking attempts from nation-state adversaries, a congressional panel heard Thursday. “The cybersecurity element is a great example of the bright and the dark side of AI technology,” said Arati Prabhakar, director of the White…